X-Git-Url: https://gerrit.onap.org/r/gitweb?a=blobdiff_plain;f=src%2Fmain%2Fjava%2Forg%2Fonap%2Fcrud%2Fservice%2FCrudRestService.java;h=2af205a34115b7f2e5c05b6a6fe7062763c4b34c;hb=d41ef90610aadb5aa3372d5922155e4fc4e0a407;hp=4b05b886cf3c7099b769a87274d82032484fdda3;hpb=10ad7fc35b93f0d74052c76fef724f8494acb7ba;p=aai%2Fgizmo.git diff --git a/src/main/java/org/onap/crud/service/CrudRestService.java b/src/main/java/org/onap/crud/service/CrudRestService.java index 4b05b88..2af205a 100644 --- a/src/main/java/org/onap/crud/service/CrudRestService.java +++ b/src/main/java/org/onap/crud/service/CrudRestService.java @@ -1,16 +1,15 @@ /** * ============LICENSE_START======================================================= - * Gizmo + * org.onap.aai * ================================================================================ - * Copyright © 2017 AT&T Intellectual Property. - * Copyright © 2017 Amdocs - * All rights reserved. + * Copyright © 2017-2018 AT&T Intellectual Property. All rights reserved. + * Copyright © 2017-2018 Amdocs * ================================================================================ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, @@ -18,17 +17,29 @@ * See the License for the specific language governing permissions and * limitations under the License. * ============LICENSE_END========================================================= - * - * ECOMP is a trademark and service mark of AT&T Intellectual Property. */ package org.onap.crud.service; +import com.google.gson.JsonElement; + +import org.apache.cxf.jaxrs.ext.PATCH; +import org.onap.aai.cl.api.Logger; +import org.onap.aai.cl.eelf.LoggerFactory; +import org.onap.aaiauth.auth.Auth; +import org.onap.crud.exception.CrudException; +import org.onap.crud.logging.CrudServiceMsgs; +import org.onap.crud.logging.LoggingUtil; +import org.onap.crud.util.CrudProperties; +import org.onap.crud.util.CrudServiceConstants; +import org.onap.crud.util.CrudServiceUtil; +import org.slf4j.MDC; + import java.security.cert.X509Certificate; import java.util.ArrayList; import java.util.HashMap; +import java.util.HashSet; import java.util.List; import java.util.Map; - import javax.security.auth.x500.X500Principal; import javax.servlet.http.HttpServletRequest; import javax.ws.rs.Consumes; @@ -47,19 +58,6 @@ import javax.ws.rs.core.Response; import javax.ws.rs.core.Response.Status; import javax.ws.rs.core.UriInfo; -import org.apache.cxf.jaxrs.ext.PATCH; -import org.onap.aaiauth.auth.Auth; -import org.onap.aai.cl.api.Logger; -import org.onap.aai.cl.eelf.LoggerFactory; -import org.onap.crud.exception.CrudException; -import org.onap.crud.logging.CrudServiceMsgs; -import org.onap.crud.logging.LoggingUtil; -import org.onap.crud.util.CrudServiceConstants; -import org.onap.crud.util.CrudServiceUtil; -import org.slf4j.MDC; - -import com.google.gson.JsonElement; - public class CrudRestService { private AbstractGraphDataService graphDataService; @@ -74,6 +72,13 @@ public class CrudRestService { this.graphDataService = graphDataService; this.auth = new Auth(CrudServiceConstants.CRD_AUTH_FILE); } + + // For unit testing + public CrudRestService(AbstractGraphDataService graphDataService, Auth auth) throws Exception { + this.graphDataService = graphDataService; + this.auth = auth; + } + public enum Action { POST, GET, PUT, DELETE, PATCH @@ -85,28 +90,33 @@ public class CrudRestService { @GET @Path("/{version}/{type}/{id}") - @Consumes({ MediaType.APPLICATION_JSON }) - @Produces({ MediaType.APPLICATION_JSON }) + @Consumes({MediaType.APPLICATION_JSON}) + @Produces({MediaType.APPLICATION_JSON}) public Response getVertex(String content, @PathParam("version") String version, @PathParam("type") String type, - @PathParam("id") String id, @PathParam("uri") @Encoded String uri, @Context HttpHeaders headers, - @Context UriInfo uriInfo, @Context HttpServletRequest req) { + @PathParam("id") String id, @PathParam("uri") @Encoded String uri, @Context HttpHeaders headers, + @Context UriInfo uriInfo, @Context HttpServletRequest req) { LoggingUtil.initMdcContext(req, headers); logger.debug("Incoming request..." + content); Response response = null; - if (validateRequest(req, uri, content, Action.GET, CrudServiceConstants.CRD_AUTH_POLICY_NAME, headers)) { + Map params = new HashMap(); + for (Map.Entry> e : uriInfo.getQueryParameters().entrySet()) { + params.put(e.getKey(), e.getValue().get(0)); + } - try { - String result = graphDataService.getVertex(version, id, type); + try { + if (validateRequest(req, uri, content, Action.GET, CrudServiceConstants.CRD_AUTH_POLICY_NAME, headers)) { + String result = graphDataService.getVertex(version, id, type, params); response = Response.status(Status.OK).entity(result).type(mediaType).build(); - } catch (CrudException ce) { - response = Response.status(ce.getHttpStatus()).entity(ce.getMessage()).build(); - } catch (Exception e) { - response = Response.status(Status.INTERNAL_SERVER_ERROR).entity(e.getMessage()).build(); + } else { + response = Response.status(Status.FORBIDDEN).entity(content).type(MediaType.APPLICATION_JSON).build(); } - } else { - response = Response.status(Status.FORBIDDEN).entity(content).type(MediaType.APPLICATION_JSON).build(); + } catch (CrudException ce) { + response = Response.status(ce.getHttpStatus()).entity(ce.getMessage()).build(); + } catch (Exception e) { + response = Response.status(Status.INTERNAL_SERVER_ERROR).entity(e.getMessage()).build(); + } LoggingUtil.logRestRequest(logger, auditLogger, req, response); @@ -115,33 +125,45 @@ public class CrudRestService { @GET @Path("/{version}/{type}/") - @Consumes({ MediaType.APPLICATION_JSON }) - @Produces({ MediaType.APPLICATION_JSON }) + @Consumes({MediaType.APPLICATION_JSON}) + @Produces({MediaType.APPLICATION_JSON}) public Response getVertices(String content, @PathParam("version") String version, @PathParam("type") String type, - @PathParam("uri") @Encoded String uri, @Context HttpHeaders headers, @Context UriInfo uriInfo, - @Context HttpServletRequest req) { + @PathParam("uri") @Encoded String uri, @Context HttpHeaders headers, @Context UriInfo uriInfo, + @Context HttpServletRequest req) { LoggingUtil.initMdcContext(req, headers); logger.debug("Incoming request..." + content); Response response = null; - if (validateRequest(req, uri, content, Action.GET, CrudServiceConstants.CRD_AUTH_POLICY_NAME, headers)) { + try { + if (validateRequest(req, uri, content, Action.GET, CrudServiceConstants.CRD_AUTH_POLICY_NAME, headers)) { + String propertiesKey = CrudProperties.get(CrudServiceConstants.CRD_COLLECTION_PROPERTIES_KEY); - Map filter = new HashMap(); - for (Map.Entry> e : uriInfo.getQueryParameters().entrySet()) { - filter.put(e.getKey(), e.getValue().get(0)); - } + Map filter = new HashMap(); + + for (Map.Entry> e : uriInfo.getQueryParameters().entrySet()) { + if (!e.getKey().equals(propertiesKey)) { + filter.put(e.getKey(), e.getValue().get(0)); + } + } - try { - String result = graphDataService.getVertices(version, type, filter); + HashSet properties; + if (uriInfo.getQueryParameters().containsKey(propertiesKey)) { + properties = new HashSet<>(uriInfo.getQueryParameters().get(propertiesKey)); + } else { + properties = new HashSet<>(); + } + + String result = graphDataService.getVertices(version, type, filter, properties); response = Response.status(Status.OK).entity(result).type(mediaType).build(); - } catch (CrudException ce) { - response = Response.status(ce.getHttpStatus()).entity(ce.getMessage()).build(); - } catch (Exception e) { - response = Response.status(Status.INTERNAL_SERVER_ERROR).entity(e.getMessage()).build(); + } else { + response = Response.status(Status.FORBIDDEN).entity(content).type(MediaType.APPLICATION_JSON).build(); } - } else { - response = Response.status(Status.FORBIDDEN).entity(content).type(MediaType.APPLICATION_JSON).build(); + } catch (CrudException ce) { + response = Response.status(ce.getHttpStatus()).entity(ce.getMessage()).build(); + } catch (Exception e) { + response = Response.status(Status.INTERNAL_SERVER_ERROR).entity(e.getMessage()).build(); + } LoggingUtil.logRestRequest(logger, auditLogger, req, response); @@ -150,29 +172,33 @@ public class CrudRestService { @GET @Path("/relationships/{version}/{type}/{id}") - @Consumes({ MediaType.APPLICATION_JSON }) - @Produces({ MediaType.APPLICATION_JSON }) + @Consumes({MediaType.APPLICATION_JSON}) + @Produces({MediaType.APPLICATION_JSON}) public Response getEdge(String content, @PathParam("version") String version, @PathParam("type") String type, - @PathParam("id") String id, @PathParam("uri") @Encoded String uri, @Context HttpHeaders headers, - @Context UriInfo uriInfo, @Context HttpServletRequest req) { + @PathParam("id") String id, @PathParam("uri") @Encoded String uri, @Context HttpHeaders headers, + @Context UriInfo uriInfo, @Context HttpServletRequest req) { LoggingUtil.initMdcContext(req, headers); logger.debug("Incoming request..." + content); Response response = null; - if (validateRequest(req, uri, content, Action.GET, CrudServiceConstants.CRD_AUTH_POLICY_NAME, headers)) { + Map params = new HashMap(); + for (Map.Entry> e : uriInfo.getQueryParameters().entrySet()) { + params.put(e.getKey(), e.getValue().get(0)); + } - try { + try { + if (validateRequest(req, uri, content, Action.GET, CrudServiceConstants.CRD_AUTH_POLICY_NAME, headers)) { - String result = graphDataService.getEdge(version, id, type); + String result = graphDataService.getEdge(version, id, type, params); response = Response.status(Status.OK).entity(result).type(mediaType).build(); - } catch (CrudException ce) { - response = Response.status(ce.getHttpStatus()).entity(ce.getMessage()).build(); - } catch (Exception e) { - response = Response.status(Status.INTERNAL_SERVER_ERROR).entity(e.getMessage()).build(); + } else { + response = Response.status(Status.FORBIDDEN).entity(content).type(MediaType.APPLICATION_JSON).build(); } - } else { - response = Response.status(Status.FORBIDDEN).entity(content).type(MediaType.APPLICATION_JSON).build(); + } catch (CrudException ce) { + response = Response.status(ce.getHttpStatus()).entity(ce.getMessage()).build(); + } catch (Exception e) { + response = Response.status(Status.INTERNAL_SERVER_ERROR).entity(e.getMessage()).build(); } LoggingUtil.logRestRequest(logger, auditLogger, req, response); @@ -181,35 +207,34 @@ public class CrudRestService { @GET @Path("/relationships/{version}/{type}/") - @Consumes({ MediaType.APPLICATION_JSON }) - @Produces({ MediaType.APPLICATION_JSON }) + @Consumes({MediaType.APPLICATION_JSON}) + @Produces({MediaType.APPLICATION_JSON}) public Response getEdges(String content, @PathParam("version") String version, @PathParam("type") String type, - @PathParam("uri") @Encoded String uri, @Context HttpHeaders headers, @Context UriInfo uriInfo, - @Context HttpServletRequest req) { + @PathParam("uri") @Encoded String uri, @Context HttpHeaders headers, @Context UriInfo uriInfo, + @Context HttpServletRequest req) { LoggingUtil.initMdcContext(req, headers); logger.debug("Incoming request..." + content); Response response = null; - if (validateRequest(req, uri, content, Action.GET, CrudServiceConstants.CRD_AUTH_POLICY_NAME, headers)) { - Map filter = new HashMap(); - for (Map.Entry> e : uriInfo.getQueryParameters().entrySet()) { - filter.put(e.getKey(), e.getValue().get(0)); - } + Map filter = new HashMap(); + for (Map.Entry> e : uriInfo.getQueryParameters().entrySet()) { + filter.put(e.getKey(), e.getValue().get(0)); + } - try { + try { + if (validateRequest(req, uri, content, Action.GET, CrudServiceConstants.CRD_AUTH_POLICY_NAME, headers)) { String result = graphDataService.getEdges(version, type, filter); response = Response.status(Status.OK).entity(result).type(mediaType).build(); - } catch (CrudException ce) { - response = Response.status(ce.getHttpStatus()).entity(ce.getMessage()).build(); - } catch (Exception e) { - response = Response.status(Status.INTERNAL_SERVER_ERROR).entity(e.getMessage()).build(); + } else { + response = Response.status(Status.FORBIDDEN).entity(content).type(MediaType.APPLICATION_JSON).build(); } - } else { - response = Response.status(Status.FORBIDDEN).entity(content).type(MediaType.APPLICATION_JSON).build(); - + } catch (CrudException ce) { + response = Response.status(ce.getHttpStatus()).entity(ce.getMessage()).build(); + } catch (Exception e) { + response = Response.status(Status.INTERNAL_SERVER_ERROR).entity(e.getMessage()).build(); } LoggingUtil.logRestRequest(logger, auditLogger, req, response); @@ -218,20 +243,20 @@ public class CrudRestService { @PUT @Path("/relationships/{version}/{type}/{id}") - @Consumes({ MediaType.APPLICATION_JSON }) - @Produces({ MediaType.APPLICATION_JSON }) + @Consumes({MediaType.APPLICATION_JSON}) + @Produces({MediaType.APPLICATION_JSON}) public Response updateEdge(String content, @PathParam("version") String version, @PathParam("type") String type, - @PathParam("id") String id, @PathParam("uri") @Encoded String uri, @Context HttpHeaders headers, - @Context UriInfo uriInfo, @Context HttpServletRequest req) { + @PathParam("id") String id, @PathParam("uri") @Encoded String uri, @Context HttpHeaders headers, + @Context UriInfo uriInfo, @Context HttpServletRequest req) { LoggingUtil.initMdcContext(req, headers); logger.debug("Incoming request..." + content); Response response = null; - if (validateRequest(req, uri, content, Action.PUT, CrudServiceConstants.CRD_AUTH_POLICY_NAME, headers)) { - try { + try { + if (validateRequest(req, uri, content, Action.PUT, CrudServiceConstants.CRD_AUTH_POLICY_NAME, headers)) { EdgePayload payload = EdgePayload.fromJson(content); if (payload.getProperties() == null || payload.getProperties().isJsonNull()) { throw new CrudException("Invalid request Payload", Status.BAD_REQUEST); @@ -250,14 +275,13 @@ public class CrudRestService { } response = Response.status(Status.OK).entity(result).type(mediaType).build(); - } catch (CrudException ce) { - response = Response.status(ce.getHttpStatus()).entity(ce.getMessage()).build(); - } catch (Exception e) { - response = Response.status(Status.INTERNAL_SERVER_ERROR).entity(e.getMessage()).build(); + } else { + response = Response.status(Status.FORBIDDEN).entity(content).type(MediaType.APPLICATION_JSON).build(); } - } else { - response = Response.status(Status.FORBIDDEN).entity(content).type(MediaType.APPLICATION_JSON).build(); - + } catch (CrudException ce) { + response = Response.status(ce.getHttpStatus()).entity(ce.getMessage()).build(); + } catch (Exception e) { + response = Response.status(Status.INTERNAL_SERVER_ERROR).entity(e.getMessage()).build(); } LoggingUtil.logRestRequest(logger, auditLogger, req, response); @@ -266,19 +290,19 @@ public class CrudRestService { @PATCH @Path("/relationships/{version}/{type}/{id}") - @Consumes({ "application/merge-patch+json" }) - @Produces({ MediaType.APPLICATION_JSON }) + @Consumes({"application/merge-patch+json"}) + @Produces({MediaType.APPLICATION_JSON}) public Response patchEdge(String content, @PathParam("version") String version, @PathParam("type") String type, - @PathParam("id") String id, @PathParam("uri") @Encoded String uri, @Context HttpHeaders headers, - @Context UriInfo uriInfo, @Context HttpServletRequest req) { + @PathParam("id") String id, @PathParam("uri") @Encoded String uri, @Context HttpHeaders headers, + @Context UriInfo uriInfo, @Context HttpServletRequest req) { LoggingUtil.initMdcContext(req, headers); logger.debug("Incoming request..." + content); Response response = null; - if (validateRequest(req, uri, content, Action.PATCH, CrudServiceConstants.CRD_AUTH_POLICY_NAME, headers)) { - try { + try { + if (validateRequest(req, uri, content, Action.PATCH, CrudServiceConstants.CRD_AUTH_POLICY_NAME, headers)) { EdgePayload payload = EdgePayload.fromJson(content); if (payload.getProperties() == null || payload.getProperties().isJsonNull()) { throw new CrudException("Invalid request Payload", Status.BAD_REQUEST); @@ -289,13 +313,13 @@ public class CrudRestService { String result = graphDataService.patchEdge(version, id, type, payload); response = Response.status(Status.OK).entity(result).type(mediaType).build(); - } catch (CrudException ce) { - response = Response.status(ce.getHttpStatus()).entity(ce.getMessage()).build(); - } catch (Exception e) { - response = Response.status(Status.INTERNAL_SERVER_ERROR).entity(e.getMessage()).build(); + } else { + response = Response.status(Status.FORBIDDEN).entity(content).type(MediaType.APPLICATION_JSON).build(); } - } else { - response = Response.status(Status.FORBIDDEN).entity(content).type(MediaType.APPLICATION_JSON).build(); + } catch (CrudException ce) { + response = Response.status(ce.getHttpStatus()).entity(ce.getMessage()).build(); + } catch (Exception e) { + response = Response.status(Status.INTERNAL_SERVER_ERROR).entity(e.getMessage()).build(); } LoggingUtil.logRestRequest(logger, auditLogger, req, response); @@ -304,20 +328,20 @@ public class CrudRestService { @PUT @Path("/{version}/{type}/{id}") - @Consumes({ MediaType.APPLICATION_JSON }) - @Produces({ MediaType.APPLICATION_JSON }) + @Consumes({MediaType.APPLICATION_JSON}) + @Produces({MediaType.APPLICATION_JSON}) public Response updateVertex(String content, @PathParam("version") String version, @PathParam("type") String type, - @PathParam("id") String id, @PathParam("uri") @Encoded String uri, @Context HttpHeaders headers, - @Context UriInfo uriInfo, @Context HttpServletRequest req) { + @PathParam("id") String id, @PathParam("uri") @Encoded String uri, @Context HttpHeaders headers, + @Context UriInfo uriInfo, @Context HttpServletRequest req) { LoggingUtil.initMdcContext(req, headers); logger.debug("Incoming request..." + content); Response response = null; - if (validateRequest(req, uri, content, Action.PUT, CrudServiceConstants.CRD_AUTH_POLICY_NAME, headers)) { - try { + try { + if (validateRequest(req, uri, content, Action.PUT, CrudServiceConstants.CRD_AUTH_POLICY_NAME, headers)) { VertexPayload payload = VertexPayload.fromJson(content); if (payload.getProperties() == null || payload.getProperties().isJsonNull()) { throw new CrudException("Invalid request Payload", Status.BAD_REQUEST); @@ -325,9 +349,9 @@ public class CrudRestService { if (payload.getId() != null && !payload.getId().equals(id)) { throw new CrudException("ID Mismatch", Status.BAD_REQUEST); } - + String result; - + payload.setProperties(CrudServiceUtil.mergeHeaderInFoToPayload(payload.getProperties(), headers, false)); if (headers.getRequestHeaders().getFirst(HTTP_PATCH_METHOD_OVERRIDE) != null @@ -338,13 +362,13 @@ public class CrudRestService { result = graphDataService.updateVertex(version, id, type, payload); } response = Response.status(Status.OK).entity(result).type(mediaType).build(); - } catch (CrudException ce) { - response = Response.status(ce.getHttpStatus()).entity(ce.getMessage()).build(); - } catch (Exception e) { - response = Response.status(Status.INTERNAL_SERVER_ERROR).entity(e.getMessage()).build(); + } else { + response = Response.status(Status.FORBIDDEN).entity(content).type(MediaType.APPLICATION_JSON).build(); } - } else { - response = Response.status(Status.FORBIDDEN).entity(content).type(MediaType.APPLICATION_JSON).build(); + } catch (CrudException ce) { + response = Response.status(ce.getHttpStatus()).entity(ce.getMessage()).build(); + } catch (Exception e) { + response = Response.status(Status.INTERNAL_SERVER_ERROR).entity(e.getMessage()).build(); } LoggingUtil.logRestRequest(logger, auditLogger, req, response); @@ -353,19 +377,19 @@ public class CrudRestService { @PATCH @Path("/{version}/{type}/{id}") - @Consumes({ "application/merge-patch+json" }) - @Produces({ MediaType.APPLICATION_JSON }) + @Consumes({"application/merge-patch+json"}) + @Produces({MediaType.APPLICATION_JSON}) public Response patchVertex(String content, @PathParam("version") String version, @PathParam("type") String type, - @PathParam("id") String id, @PathParam("uri") @Encoded String uri, @Context HttpHeaders headers, - @Context UriInfo uriInfo, @Context HttpServletRequest req) { + @PathParam("id") String id, @PathParam("uri") @Encoded String uri, @Context HttpHeaders headers, + @Context UriInfo uriInfo, @Context HttpServletRequest req) { LoggingUtil.initMdcContext(req, headers); logger.debug("Incoming request..." + content); Response response = null; - if (validateRequest(req, uri, content, Action.PATCH, CrudServiceConstants.CRD_AUTH_POLICY_NAME, headers)) { - try { + try { + if (validateRequest(req, uri, content, Action.PATCH, CrudServiceConstants.CRD_AUTH_POLICY_NAME, headers)) { VertexPayload payload = VertexPayload.fromJson(content); if (payload.getProperties() == null || payload.getProperties().isJsonNull()) { throw new CrudException("Invalid request Payload", Status.BAD_REQUEST); @@ -378,13 +402,13 @@ public class CrudRestService { String result = graphDataService.patchVertex(version, id, type, payload); response = Response.status(Status.OK).entity(result).type(mediaType).build(); - } catch (CrudException ce) { - response = Response.status(ce.getHttpStatus()).entity(ce.getMessage()).build(); - } catch (Exception e) { - response = Response.status(Status.INTERNAL_SERVER_ERROR).entity(e.getMessage()).build(); + } else { + response = Response.status(Status.FORBIDDEN).entity(content).type(MediaType.APPLICATION_JSON).build(); } - } else { - response = Response.status(Status.FORBIDDEN).entity(content).type(MediaType.APPLICATION_JSON).build(); + } catch (CrudException ce) { + response = Response.status(ce.getHttpStatus()).entity(ce.getMessage()).build(); + } catch (Exception e) { + response = Response.status(Status.INTERNAL_SERVER_ERROR).entity(e.getMessage()).build(); } LoggingUtil.logRestRequest(logger, auditLogger, req, response); @@ -393,20 +417,20 @@ public class CrudRestService { @POST @Path("/{version}/{type}/") - @Consumes({ MediaType.APPLICATION_JSON }) - @Produces({ MediaType.APPLICATION_JSON }) + @Consumes({MediaType.APPLICATION_JSON}) + @Produces({MediaType.APPLICATION_JSON}) public Response addVertex(String content, @PathParam("version") String version, @PathParam("type") String type, - @PathParam("uri") @Encoded String uri, @Context HttpHeaders headers, @Context UriInfo uriInfo, - @Context HttpServletRequest req) { + @PathParam("uri") @Encoded String uri, @Context HttpHeaders headers, @Context UriInfo uriInfo, + @Context HttpServletRequest req) { LoggingUtil.initMdcContext(req, headers); logger.debug("Incoming request..." + content); Response response = null; - if (validateRequest(req, uri, content, Action.POST, CrudServiceConstants.CRD_AUTH_POLICY_NAME, headers)) { - try { + try { + if (validateRequest(req, uri, content, Action.POST, CrudServiceConstants.CRD_AUTH_POLICY_NAME, headers)) { VertexPayload payload = VertexPayload.fromJson(content); if (payload.getProperties() == null || payload.getProperties().isJsonNull()) { throw new CrudException("Invalid request Payload", Status.BAD_REQUEST); @@ -423,13 +447,13 @@ public class CrudRestService { String result = graphDataService.addVertex(version, type, payload); response = Response.status(Status.CREATED).entity(result).type(mediaType).build(); - } catch (CrudException ce) { - response = Response.status(ce.getHttpStatus()).entity(ce.getMessage()).build(); - } catch (Exception e) { - response = Response.status(Status.INTERNAL_SERVER_ERROR).entity(e.getMessage()).build(); + } else { + response = Response.status(Status.FORBIDDEN).entity(content).type(MediaType.APPLICATION_JSON).build(); } - } else { - response = Response.status(Status.FORBIDDEN).entity(content).type(MediaType.APPLICATION_JSON).build(); + } catch (CrudException ce) { + response = Response.status(ce.getHttpStatus()).entity(ce.getMessage()).build(); + } catch (Exception e) { + response = Response.status(Status.INTERNAL_SERVER_ERROR).entity(e.getMessage()).build(); } LoggingUtil.logRestRequest(logger, auditLogger, req, response); @@ -464,11 +488,13 @@ public class CrudRestService { if (!opr.getValue().getAsString().equalsIgnoreCase("add") && !opr.getValue().getAsString().equalsIgnoreCase("modify") + && !opr.getValue().getAsString().equalsIgnoreCase("patch") && !opr.getValue().getAsString().equalsIgnoreCase("delete")) { throw new CrudException("Invalid operation at item: " + item.getKey(), Status.BAD_REQUEST); } - // check if ID is populate for modify/delete operation + // check if ID is populate for modify/patch/delete operation if ((opr.getValue().getAsString().equalsIgnoreCase("modify") + || opr.getValue().getAsString().equalsIgnoreCase("patch") || opr.getValue().getAsString().equalsIgnoreCase("delete")) && (vertexPayload.getId() == null)) { throw new CrudException("Mising ID at item: " + item.getKey(), Status.BAD_REQUEST); @@ -504,11 +530,13 @@ public class CrudRestService { if (!opr.getValue().getAsString().equalsIgnoreCase("add") && !opr.getValue().getAsString().equalsIgnoreCase("modify") + && !opr.getValue().getAsString().equalsIgnoreCase("patch") && !opr.getValue().getAsString().equalsIgnoreCase("delete")) { throw new CrudException("Invalid operation at item: " + item.getKey(), Status.BAD_REQUEST); } - // check if ID is populate for modify/delete operation + // check if ID is populate for modify/patch/delete operation if ((edgePayload.getId() == null) && (opr.getValue().getAsString().equalsIgnoreCase("modify") + || opr.getValue().getAsString().equalsIgnoreCase("patch") || opr.getValue().getAsString().equalsIgnoreCase("delete"))) { throw new CrudException("Mising ID at item: " + item.getKey(), Status.BAD_REQUEST); @@ -538,37 +566,37 @@ public class CrudRestService { @POST @Path("/{version}/bulk/") - @Consumes({ MediaType.APPLICATION_JSON }) - @Produces({ MediaType.APPLICATION_JSON }) + @Consumes({MediaType.APPLICATION_JSON}) + @Produces({MediaType.APPLICATION_JSON}) public Response addBulk(String content, @PathParam("version") String version, @PathParam("type") String type, - @PathParam("uri") @Encoded String uri, @Context HttpHeaders headers, @Context UriInfo uriInfo, - @Context HttpServletRequest req) { + @PathParam("uri") @Encoded String uri, @Context HttpHeaders headers, @Context UriInfo uriInfo, + @Context HttpServletRequest req) { LoggingUtil.initMdcContext(req, headers); logger.debug("Incoming request..." + content); Response response = null; - if (validateRequest(req, uri, content, Action.POST, CrudServiceConstants.CRD_AUTH_POLICY_NAME, headers)) { - try { + try { + if (validateRequest(req, uri, content, Action.POST, CrudServiceConstants.CRD_AUTH_POLICY_NAME, headers)) { BulkPayload payload = BulkPayload.fromJson(content); if ((payload.getObjects() == null && payload.getRelationships() == null) || (payload.getObjects() != null && payload.getObjects().isEmpty() && payload.getRelationships() != null - && payload.getRelationships().isEmpty())) { + && payload.getRelationships().isEmpty())) { throw new CrudException("Invalid request Payload", Status.BAD_REQUEST); } validateBulkPayload(payload); String result = graphDataService.addBulk(version, payload, headers); response = Response.status(Status.OK).entity(result).type(mediaType).build(); - } catch (CrudException ce) { - response = Response.status(ce.getHttpStatus()).entity(ce.getMessage()).build(); - } catch (Exception e) { - response = Response.status(Status.INTERNAL_SERVER_ERROR).entity(e.getMessage()).build(); + } else { + response = Response.status(Status.FORBIDDEN).entity(content).type(MediaType.APPLICATION_JSON).build(); } - } else { - response = Response.status(Status.FORBIDDEN).entity(content).type(MediaType.APPLICATION_JSON).build(); + } catch (CrudException ce) { + response = Response.status(ce.getHttpStatus()).entity(ce.getMessage()).build(); + } catch (Exception e) { + response = Response.status(Status.INTERNAL_SERVER_ERROR).entity(e.getMessage()).build(); } LoggingUtil.logRestRequest(logger, auditLogger, req, response); @@ -577,19 +605,19 @@ public class CrudRestService { @POST @Path("/{version}/") - @Consumes({ MediaType.APPLICATION_JSON }) - @Produces({ MediaType.APPLICATION_JSON }) + @Consumes({MediaType.APPLICATION_JSON}) + @Produces({MediaType.APPLICATION_JSON}) public Response addVertex(String content, @PathParam("version") String version, @PathParam("uri") @Encoded String uri, - @Context HttpHeaders headers, @Context UriInfo uriInfo, @Context HttpServletRequest req) { + @Context HttpHeaders headers, @Context UriInfo uriInfo, @Context HttpServletRequest req) { LoggingUtil.initMdcContext(req, headers); logger.debug("Incoming request..." + content); Response response = null; - if (validateRequest(req, uri, content, Action.POST, CrudServiceConstants.CRD_AUTH_POLICY_NAME, headers)) { - try { + try { + if (validateRequest(req, uri, content, Action.POST, CrudServiceConstants.CRD_AUTH_POLICY_NAME, headers)) { VertexPayload payload = VertexPayload.fromJson(content); if (payload.getProperties() == null || payload.getProperties().isJsonNull()) { throw new CrudException("Invalid request Payload", Status.BAD_REQUEST); @@ -601,18 +629,18 @@ public class CrudRestService { if (payload.getType() == null || payload.getType().isEmpty()) { throw new CrudException("Missing Vertex Type ", Status.BAD_REQUEST); } - + payload.setProperties(CrudServiceUtil.mergeHeaderInFoToPayload(payload.getProperties(), headers, true)); String result = graphDataService.addVertex(version, payload.getType(), payload); response = Response.status(Status.CREATED).entity(result).type(mediaType).build(); - } catch (CrudException ce) { - response = Response.status(ce.getHttpStatus()).entity(ce.getMessage()).build(); - } catch (Exception e) { - response = Response.status(Status.INTERNAL_SERVER_ERROR).entity(e.getMessage()).build(); + } else { + response = Response.status(Status.FORBIDDEN).entity(content).type(MediaType.APPLICATION_JSON).build(); } - } else { - response = Response.status(Status.FORBIDDEN).entity(content).type(MediaType.APPLICATION_JSON).build(); + } catch (CrudException ce) { + response = Response.status(ce.getHttpStatus()).entity(ce.getMessage()).build(); + } catch (Exception e) { + response = Response.status(Status.INTERNAL_SERVER_ERROR).entity(e.getMessage()).build(); } LoggingUtil.logRestRequest(logger, auditLogger, req, response); @@ -621,20 +649,20 @@ public class CrudRestService { @POST @Path("/relationships/{version}/{type}/") - @Consumes({ MediaType.APPLICATION_JSON }) - @Produces({ MediaType.APPLICATION_JSON }) + @Consumes({MediaType.APPLICATION_JSON}) + @Produces({MediaType.APPLICATION_JSON}) public Response addEdge(String content, @PathParam("version") String version, @PathParam("type") String type, - @PathParam("uri") @Encoded String uri, @Context HttpHeaders headers, @Context UriInfo uriInfo, - @Context HttpServletRequest req) { + @PathParam("uri") @Encoded String uri, @Context HttpHeaders headers, @Context UriInfo uriInfo, + @Context HttpServletRequest req) { LoggingUtil.initMdcContext(req, headers); logger.debug("Incoming request..." + content); Response response = null; - if (validateRequest(req, uri, content, Action.POST, CrudServiceConstants.CRD_AUTH_POLICY_NAME, headers)) { - try { + try { + if (validateRequest(req, uri, content, Action.POST, CrudServiceConstants.CRD_AUTH_POLICY_NAME, headers)) { EdgePayload payload = EdgePayload.fromJson(content); if (payload.getProperties() == null || payload.getProperties().isJsonNull()) { throw new CrudException("Invalid request Payload", Status.BAD_REQUEST); @@ -648,13 +676,13 @@ public class CrudRestService { } String result = graphDataService.addEdge(version, type, payload); response = Response.status(Status.CREATED).entity(result).type(mediaType).build(); - } catch (CrudException ce) { - response = Response.status(ce.getHttpStatus()).entity(ce.getMessage()).build(); - } catch (Exception e) { - response = Response.status(Status.INTERNAL_SERVER_ERROR).entity(e.getMessage()).build(); + } else { + response = Response.status(Status.FORBIDDEN).entity(content).type(MediaType.APPLICATION_JSON).build(); } - } else { - response = Response.status(Status.FORBIDDEN).entity(content).type(MediaType.APPLICATION_JSON).build(); + } catch (CrudException ce) { + response = Response.status(ce.getHttpStatus()).entity(ce.getMessage()).build(); + } catch (Exception e) { + response = Response.status(Status.INTERNAL_SERVER_ERROR).entity(e.getMessage()).build(); } LoggingUtil.logRestRequest(logger, auditLogger, req, response); @@ -663,19 +691,19 @@ public class CrudRestService { @POST @Path("/relationships/{version}/") - @Consumes({ MediaType.APPLICATION_JSON }) - @Produces({ MediaType.APPLICATION_JSON }) + @Consumes({MediaType.APPLICATION_JSON}) + @Produces({MediaType.APPLICATION_JSON}) public Response addEdge(String content, @PathParam("version") String version, @PathParam("uri") @Encoded String uri, - @Context HttpHeaders headers, @Context UriInfo uriInfo, @Context HttpServletRequest req) { + @Context HttpHeaders headers, @Context UriInfo uriInfo, @Context HttpServletRequest req) { LoggingUtil.initMdcContext(req, headers); logger.debug("Incoming request..." + content); Response response = null; - if (validateRequest(req, uri, content, Action.POST, CrudServiceConstants.CRD_AUTH_POLICY_NAME, headers)) { - try { + try { + if (validateRequest(req, uri, content, Action.POST, CrudServiceConstants.CRD_AUTH_POLICY_NAME, headers)) { EdgePayload payload = EdgePayload.fromJson(content); if (payload.getProperties() == null || payload.getProperties().isJsonNull()) { throw new CrudException("Invalid request Payload", Status.BAD_REQUEST); @@ -690,13 +718,13 @@ public class CrudRestService { String result = graphDataService.addEdge(version, payload.getType(), payload); response = Response.status(Status.CREATED).entity(result).type(mediaType).build(); - } catch (CrudException ce) { - response = Response.status(ce.getHttpStatus()).entity(ce.getMessage()).build(); - } catch (Exception e) { - response = Response.status(Status.INTERNAL_SERVER_ERROR).entity(e.getMessage()).build(); + } else { + response = Response.status(Status.FORBIDDEN).entity(content).type(MediaType.APPLICATION_JSON).build(); } - } else { - response = Response.status(Status.FORBIDDEN).entity(content).type(MediaType.APPLICATION_JSON).build(); + } catch (CrudException ce) { + response = Response.status(ce.getHttpStatus()).entity(ce.getMessage()).build(); + } catch (Exception e) { + response = Response.status(Status.INTERNAL_SERVER_ERROR).entity(e.getMessage()).build(); } LoggingUtil.logRestRequest(logger, auditLogger, req, response); @@ -705,29 +733,29 @@ public class CrudRestService { @DELETE @Path("/{version}/{type}/{id}") - @Consumes({ MediaType.APPLICATION_JSON }) - @Produces({ MediaType.APPLICATION_JSON }) + @Consumes({MediaType.APPLICATION_JSON}) + @Produces({MediaType.APPLICATION_JSON}) public Response deleteVertex(String content, @PathParam("version") String version, @PathParam("type") String type, - @PathParam("id") String id, @PathParam("uri") @Encoded String uri, @Context HttpHeaders headers, - @Context UriInfo uriInfo, @Context HttpServletRequest req) { + @PathParam("id") String id, @PathParam("uri") @Encoded String uri, @Context HttpHeaders headers, + @Context UriInfo uriInfo, @Context HttpServletRequest req) { LoggingUtil.initMdcContext(req, headers); logger.debug("Incoming request..." + content); Response response = null; - if (validateRequest(req, uri, content, Action.DELETE, CrudServiceConstants.CRD_AUTH_POLICY_NAME, headers)) { - try { + try { + if (validateRequest(req, uri, content, Action.DELETE, CrudServiceConstants.CRD_AUTH_POLICY_NAME, headers)) { String result = graphDataService.deleteVertex(version, id, type); response = Response.status(Status.OK).entity(result).type(mediaType).build(); - } catch (CrudException ce) { - response = Response.status(ce.getHttpStatus()).entity(ce.getMessage()).build(); - } catch (Exception e) { - response = Response.status(Status.INTERNAL_SERVER_ERROR).entity(e.getMessage()).build(); + } else { + response = Response.status(Status.FORBIDDEN).entity(content).type(MediaType.APPLICATION_JSON).build(); } - } else { - response = Response.status(Status.FORBIDDEN).entity(content).type(MediaType.APPLICATION_JSON).build(); + } catch (CrudException ce) { + response = Response.status(ce.getHttpStatus()).entity(ce.getMessage()).build(); + } catch (Exception e) { + response = Response.status(Status.INTERNAL_SERVER_ERROR).entity(e.getMessage()).build(); } LoggingUtil.logRestRequest(logger, auditLogger, req, response); @@ -736,28 +764,28 @@ public class CrudRestService { @DELETE @Path("/relationships/{version}/{type}/{id}") - @Consumes({ MediaType.APPLICATION_JSON }) - @Produces({ MediaType.APPLICATION_JSON }) + @Consumes({MediaType.APPLICATION_JSON}) + @Produces({MediaType.APPLICATION_JSON}) public Response deleteEdge(String content, @PathParam("version") String version, @PathParam("type") String type, - @PathParam("id") String id, @PathParam("uri") @Encoded String uri, @Context HttpHeaders headers, - @Context UriInfo uriInfo, @Context HttpServletRequest req) { + @PathParam("id") String id, @PathParam("uri") @Encoded String uri, @Context HttpHeaders headers, + @Context UriInfo uriInfo, @Context HttpServletRequest req) { LoggingUtil.initMdcContext(req, headers); logger.debug("Incoming request..." + content); Response response = null; - if (validateRequest(req, uri, content, Action.DELETE, CrudServiceConstants.CRD_AUTH_POLICY_NAME, headers)) { - try { + try { + if (validateRequest(req, uri, content, Action.DELETE, CrudServiceConstants.CRD_AUTH_POLICY_NAME, headers)) { String result = graphDataService.deleteEdge(version, id, type); response = Response.status(Status.OK).entity(result).type(mediaType).build(); - } catch (CrudException ce) { - response = Response.status(ce.getHttpStatus()).entity(ce.getMessage()).build(); - } catch (Exception e) { - response = Response.status(Status.INTERNAL_SERVER_ERROR).entity(e.getMessage()).build(); + } else { + response = Response.status(Status.FORBIDDEN).entity(content).type(MediaType.APPLICATION_JSON).build(); } - } else { - response = Response.status(Status.FORBIDDEN).entity(content).type(MediaType.APPLICATION_JSON).build(); + } catch (CrudException ce) { + response = Response.status(ce.getHttpStatus()).entity(ce.getMessage()).build(); + } catch (Exception e) { + response = Response.status(Status.INTERNAL_SERVER_ERROR).entity(e.getMessage()).build(); } LoggingUtil.logRestRequest(logger, auditLogger, req, response); @@ -765,9 +793,9 @@ public class CrudRestService { } protected boolean validateRequest(HttpServletRequest req, String uri, String content, Action action, - String authPolicyFunctionName, HttpHeaders headers) { - boolean isValid = false; - try { + String authPolicyFunctionName, HttpHeaders headers) throws CrudException { + boolean isValid = false; + try { String cipherSuite = (String) req.getAttribute("javax.servlet.request.cipher_suite"); String authUser = null; if (cipherSuite != null) { @@ -777,19 +805,21 @@ public class CrudRestService { authUser = subjectDn.toString(); } isValid = this.auth.validateRequest(authUser.toLowerCase(), action.toString() + ":" + authPolicyFunctionName); - - String sourceOfTruth = null; - if(headers.getRequestHeaders().containsKey("X-FromAppId")) - sourceOfTruth = headers.getRequestHeaders().getFirst("X-FromAppId"); - - if(sourceOfTruth == null || sourceOfTruth.trim() == "") - throw new CrudException("Invalid request, Missing X-FromAppId header", Status.BAD_REQUEST); - - return isValid; } catch (Exception e) { logResult(action, uri, e); return false; } + + String sourceOfTruth = null; + if (headers.getRequestHeaders().containsKey("X-FromAppId")) { + sourceOfTruth = headers.getRequestHeaders().getFirst("X-FromAppId"); + } + + if (sourceOfTruth == null || sourceOfTruth.trim() == "") { + throw new CrudException("Invalid request, Missing X-FromAppId header", Status.BAD_REQUEST); + } + + return isValid; } void logResult(Action op, String uri, Exception e) {